Atlassian OAuth Plugin 1.3.0 < 1.9.12 / 2.0.0 < 2.0.4 Server-Side Request Forgery

medium Web App Scanning Plugin ID 98999

Synopsis

Atlassian OAuth Plugin 1.3.0 < 1.9.12 / 2.0.0 < 2.0.4 Server-Side Request Forgery

Description

Atlassian OAuth Plugin from version 1.3.0 to 1.9.11 and from version 2.0.0 to 2.0.3 allows remote attackers to make the target application act as a proxy and perform requests to internal or external resources through the IconUriServlet.

Attackers may leverage this vulnerability to conduct cross-site scripting attacks or to gain access to sensitive information, such as metadata resources in a cloud-based environment.

The following Atlassian product versions are vulnerable:
- Bamboo < 6.0.0
- Bitbucket < 4.14.4
- Confluence < 6.1.3
- Crowd < 2.11.2
- Crucible & Fisheye < 4.3.2
- Jira < 7.3.5

Solution

Upgrade to at least the Atlassian product version that bundles a fixed version of the OAuth plugin: Bamboo version 6.0.0, Bitbucket version 4.14.4, Confluence version 6.1.3, Crowd version 2.11.2, Crucible & Fisheye version 4.3.2, or Jira version 7.3.5.
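To triage an inventory against the version boundaries listed above, the following added example (not part of the plugin or of Atlassian's code) classifies host products and standalone OAuth plugin versions. The function names, the status labels ("vulnerable", "fixed", "review", "unknown", "not affected") and the sample inventory are assumptions made for illustration.

```python
import re

# Affected OAuth plugin ranges from the advisory: [first affected, first fixed).
PLUGIN_RANGES = [((1, 3, 0), (1, 9, 12)), ((2, 0, 0), (2, 0, 4))]
# First host-product release that bundles a fixed plugin, from the advisory.
PRODUCT_FIXED = {"bamboo": (6, 0, 0), "bitbucket": (4, 14, 4), "confluence": (6, 1, 3),
                 "crowd": (2, 11, 2), "crucible": (4, 3, 2), "fisheye": (4, 3, 2),
                 "jira": (7, 3, 5)}
_VERSION = re.compile(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(\S*)\s*")

def parse_version(text):
    """Return ((major, minor, patch), qualifier), or None without a leading number."""
    m = _VERSION.fullmatch(text or "")
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups()[:3]), m.group(4)

def _status(parsed, fixed):
    """Compare a parsed version with a first-fixed version."""
    if parsed is None:
        return "unknown"
    numbers, qualifier = parsed
    if numbers < fixed:
        return "vulnerable"
    # '6.1.3-m01' style builds may predate the fix, so leave them to a human.
    return "review" if numbers == fixed and qualifier else "fixed"

def plugin_status(version):
    """Check a standalone OAuth plugin version against both affected ranges."""
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    for first_affected, first_fixed in PLUGIN_RANGES:
        if parsed[0] >= first_affected and _status(parsed, first_fixed) != "fixed":
            return _status(parsed, first_fixed)
    return "not affected"

def product_status(product, version):
    """Check a host product (name is case-insensitive) against its fixed release."""
    fixed = PRODUCT_FIXED.get(product.strip().lower())
    return "unknown" if fixed is None else _status(parse_version(version), fixed)

# Constructed sample inventory, not taken from the advisory.
INVENTORY = [("Jira", "7.3.4"), ("Confluence", "6.1.3"), ("Bitbucket", "4.14"),
             ("Crowd", "2.11.2-rc1"), ("Bamboo", "n/a")]

def triage(inventory):
    return {f"{name} {ver}": product_status(name, ver) for name, ver in inventory}
```

Calling `triage(INVENTORY)` returns a mapping from each host to its status; entries marked "review" or "unknown" need a manual check of the bundled plugin version.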

See Also

http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html

https://ecosystem.atlassian.net/browse/OAUTH-344

https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a

Plugin Details

Severity: Medium

ID: 98999

Type: remote

Published: 4/16/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2017-9506

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: CVE-2017-9506

Vulnerability Information

CPE: cpe:2.3:a:atlassian:oauth:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2017-9506

BID: 103428